+1 Doing well. Staying safe.
On Thu, May 7, 2020 at 00:31 Peter Firmstone <peter.firmst...@zeus.net.au> wrote: > Hello River Folk, > > Please review the May report draft below. With work starting to slow > down, I should have some time to complete the modular build soon. > > How are you being impacted by Covid-19? > > Regards, > > Peter Firmstone. > > ## Description: > > - Apache River provides a platform for dynamic discovery and lookup > search of network services. Services may be implemented in a number > of languages, while clients are required to be jvm based (presently at > least), to allow proxy jvm byte code to be provisioned dynamically. > > ## Issues: > - There are no issues requiring board attention at this time. > > ## Activity: > > - Minimal activity at present, initial work on the modular build > structure has commenced. The current monolithic build is complex, with > it's own build tool classdepandjar, it adds complexity for new > developers. In recent months I have had work commitments that have > limited my ability to integrate the modular build. The other committers > are waiting for the modular build and I have done a lot of work on this > locally, this work has been a significant undertaking integrating the > works of Dennis Reedy, Dan Rollo and myself. This is also a mature > codebase, having been in development since the late 1990's. > > - The monolithic code has been svn moved into modules into an initial > maven build structure, next step is to move junit tests to each module. > > - Until the monolithic build has been broken up into maven modules, we > are likely to have difficulty attracting new contributors due to the > appearance of complexity. > > Release roadmap: > > River 3.1 - Modular build restructure (& binary release) > River 3.2 - Input validation 4 Serialization, delayed unmarshalling& > safe ServiceRegistrar lookup service.River 3.3 - OSGi support > > ## Health report: > > - River is a mature codebase with existing deployments, it was > primarily designed for dynamic discovery of services on private > networks. IPv4 NAT limitations historically prevented the use of River > on public networks, however the use of IPv6 on public networks removes > these limitations. Web services evolved with the publish subscribe > model of today's internet, River has the potential to dynamically > discover services on IPv6 networks, peer to peer, blurring current > distinctions between client and server, it has the potential to address > many of the security issues currently experienced with IoT and avoid any > dependency on the proprietary cloud for "things". > > - Future Direction: > > * Target IOT space with support for OSGi and IPv6 (security fixes > required prior to announcement) > * Input validation for java deserialization - prevents DOS and > Gadget attacks. > * IPv6 Multicast Service Discovery (River currently only supports > IPv4 multicast discovery). > * Delayed unmarshalling for Service Lookup and Discovery (includes > SafeServiceRegistrar mentioned in release roadmap), so > authentication can occur prior to downloading service proxy's, > this addresses a long standing security issue with service lookup > while significantly improving performance under some use cases. > * Security fixes for SSL endpoints, updated to TLS v1.2 with removal > of support for insecure cypher's. > * Secure TLS SocketFactory's for RMI Registry, uses > the currently logged in Subject for authentication. > The RMI Registry still plays a minor role in service activation, > this allows those who still use the Registry to secure it. > * Maven build to replace existing ant built that uses > classdepandjar, a bytecode dependency analysis build tool. > * Updating the Jini specifications. > > ## Project Composition: > > There are currently 16 committers and 12 PMC members in this project. > The Committer-to-PMC ratio is 4:3. > > ## Community changes, past quarter: > > No new PMC members. Last addition was Dan Rollo on 2017-12-01. > No new committers. Last addition was Dan Rollo on 2017-11-02. > > ## Project Release Activity: > - Recent releases: > > River-3.0.0 was released on 2016-10-06. > river-jtsk-2.2.3 was released on 2016-02-21. > river-examples-1.0 was released on 2015-08-10. > > >
